Blancco is aware of the remote code execution vulnerability (CVE-2021-44228) which was reported in the Apache Log4J library on 10th December 2021. This commonly used library is utilized by the Blancco Management Console.
We are working on addressing the vulnerability on the highest priority and will be providing a fix version later today.
Blancco Cloud and any other Blancco hosted instances affected by this vulnerability have been already patched and are not affected by this anymore. For the on-premise version of Blancco Management Console, there will be a fix release, version 5.11.1, available as soon as possible to mitigate this vulnerability. This news post will be updated after the fix release is available for download.
If you need additional details or you have any questions regarding the vulnerability, you can submit a ticket at email@example.com or through the Support Portal.
Update Dec 15, 2021 06:52 PM UTC+2
Blancco is aware of the other recently discovered vulnerability (CVE-2021-45046) and we will be providing additional Blancco Management Console fix version to mitigate this issue.
Blancco Management Console 5.11.2 has been released and the release notes are available here: Blancco Management Console version 5.11.2 has been released!
For any further information, please contact Blancco Technical Support.
Update Dec 13, 2021 06:39 PM UTC+2
Blancco Management Console 5.11.1 has been released and contains the fix to mitigate this vulnerability. It is highly recommended to update your Blancco Management Console to the latest version. Please contact Blancco Technical Support for further assistance.
The release notes for Management Console 5.11.1 can be found here: Blancco Management Console version 5.11.1 has been released!